
PIN makes Windows LESS, FAR, FAR, LESS secure

ralarock started on

In order to use a fingerprint reader one is REQUIRED to allow access through a ridiculously simple (to have any hope of remembering it) PIN authentication process. Which is the least secure credential I've ever heard of, short of nothing at all. All one has to do is guess a few digits and they can bypass a nice long complicated secure pass phrase AND the fingerprint reader. Seriously? HELLO?

If one were to try to set up a PIN that was as secure as a password, it would be necessary to use far more characters. Each digit has 10 options, each letter 26 (for English anyway), if one ignores special characters, which any meaningful pass phrase should include because doing so makes the pass phrase even harder to guess. But, let's assume letters only for the sake of argument. A PIN would have to be at least two and a half times as long as a similarly secure password. The point being clear, I hope. NOBODY is going to create a meaningful PIN. It's going to be 1234 or something else that even an adult could guess.

My fingerprint reader worked great under Windows 8.1. No problems at all. I had that and a nice complicated pass phrase to ensure secure log in. Adequate enough. Now that I've installed Windows 10 I have to go back to the inconvenience of using the password or I have to allow the use of a nearly totally insecure PIN. 

If the goal is to make Windows 10 more secure, why in the world would one be required to create a trivial way to bypass any reasonable form of security that already exists?

Someone needs to reconsider their notion of authentication security. This is so obviously lame that I can't believe anyone with any kind of expertise in authentication security was ever consulted about this "feature."

aside:

By the way, once a PIN is set up and one has essentially removed any significant security from the system, it's a challenge to figure out how to get rid of it. There is no remove button. The only option offered is to change it. The trick to get rid of the PIN is to reset it, not enter anything into the new PIN fields and cancel the process. At least that seems to have worked for me. Though, the darn PIN might still be hiding in there somewhere ready to come back and bite me. For what it's worth, I suggest avoiding my mistake and NOT setting up the PIN in the first place.

19 people have recommended this discussion
